Penetration Testing mailing list archives
Re: Re: Importance of being a QSA
From: Dotzero <dotzero () gmail com>
Date: Fri, 1 Dec 2006 16:56:54 -0500
On 28 Nov 2006 21:51:56 -0000, mr.nasty () ix netcom com <mr.nasty () ix netcom com> wrote:
I can't help myself here but this type of idiocy kills me. The reason for regulatory bodies is because there are those in the business who can't seem to follow a set of guidelines to provide at least a basic level of trust to keep their customers identity private. Now I don't want to get off on a rant here but the opportunity is there.
I find Mr. Nasty's post kind of ironic. The thread is about PCI/QSA/ASV which derives from a contractual obligation rather than a regulatory (government) framework. I happen to like PCI better than the regulatory frameworks because it isn't as fuzzy (Shall we have a discussion about what "significant" means under SOX?) and is getting less fuzzy with 1.1. Nobody forces a company to submit to PCI. You choose to do it because you desire to accept payment by credit card. It is a contractual obligation. If you don't accept credit cards and you don't provide services (within the PCI environment) to a company that does...then you don't have to worry about PCI. I agree with Erin that being an ASV would be useful if you are doing vulnerability assessments and pentests. If you are in the auditing and remediation arena then you will want QSA if you are dealing with anyone accepting credit cards. Just my 2 cents. Dotzero ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Re: Re: Importance of being a QSA mr . nasty (Dec 01)
- Re: Re: Importance of being a QSA Dotzero (Dec 01)
- Re: Re: Importance of being a QSA Kurt Grutzmacher (Dec 03)